If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Enjoy an ad free experience by logging in. Not a member yet? Register.

What are you doing with spam form inputs?

I'm curious to hear what folks are doing with their form mailer routines, when they determine they have a bot or other spammer. Do you just stop processing right there? Do you display a "neener neener, this is spam" message back? Do you display a "thank you for your message, we will process it asap" message? Do you log it on the server for some reason? Do you track the reason why you determined it was spam?

Thanks for the input. I've been sending the message anyway with the subject line changed to ** SPAM ** and including the reason I call it spam. It's interesting to see, but I'm not sure it's doing me all that much good and I am still clogging up the internets with all the mail being sent.

I have a couple being heavily spammed. One is a "add me to your mailing list" form, and the other is part of an FAQ. The second one is on my business site, so I don't want to accidentally miss a real question by tossing out what I thought was spam, so I've been scanning the spam mails as they come in. Fortunately my filter seems to be working well (for the moment), so I'm getting no false positives.

I disagree. Spammers are not exactly known for going to large lengths to post spam. You should at least include something that indicates that the message was discarded as spam. Then, a legitimate user could resend the message or contact the webmaster to let him/her know that the message failed.

Time kills us in our sleep and we watch it happen in our dreams. -K.K.

loadopt1c has a good point. You'll never know if the user is a spammer or not. They now hire real people to spam forms and websites. I assume they pay them by how many they hit in one day. So protecting from spamming robots is not going to work anymore. That being said, a real user may fill it out wrong, or use "spamming" type words accidentally, so there should be some validation messages.

I try to avoid any kind of online contact forms unless there is a system where the user registers and logs-in. That is inconvenient in some cases, but it is what it is.

I disagree. Spammers are not exactly known for going to large lengths to post spam. You should at least include something that indicates that the message was discarded as spam. Then, a legitimate user could resend the message or contact the webmaster to let him/her know that the message failed.

Thing is, at this point I haven't received any legitimate mails that my sw decides is spam. So I'm hesitant to tell the spammers that I've determined their message is spam, in fear that they will change it around and fool my detection process the next time. I have no idea how focused they are on my particular site... maybe I'm reading too much into it. But over the years I've had to rewrite my spam detection several times as the spammers get better at what they do.

Of course ... A human spammer can fill out a form and answer all captchas, so they can post anything they want and never appear as spam. When I look at my emails, or content in a database, the spamming links, porn links, dating service content is all there.

Spammers don't like to spend the time to register, but some still take the effort. Once registered, they can log-in and fill out contact forms just like anyone else.

It's just an unfortunate part of using the internet ... which is turning into a worldwide garbage landfill.